Microsoft and Cloudflare successfully dismantled the RaccoonO365 phishing operation, which targeted Microsoft 365 credentials through sophisticated phishing kits. This operation, linked to cybercriminal Joshua Ogundipe, has stolen thousands of credentials and earned over $100,000 in cryptocurrency. #RaccoonO365 #Storm2246
Keypoints
- Microsoft and Cloudflare coordinated to seize 338 websites tied to the RaccoonO365 phishing operation.
- RaccoonO365 has stolen at least 5,000 Microsoft credentials from victims in 94 countries since July 2024.
- The phishing kits used CAPTCHA and anti-bot techniques to appear legitimate and evade detection.
- The stolen data from victimsβ cloud accounts have been used for fraud, extortion, and system access.
- The operationβs leader, Joshua Ogundipe from Nigeria, is linked to Russian-speaking cybercriminal allies, and a criminal referral has been issued.